Public bug reported:

Hi everyone,
I am facing an issue with the SSSD internal DNS resolver (I was able to reproduce
this issue with SSSD version 2.2.3 shipped with Ubuntu 20.04 and version 1.16.1
shipped with Ubuntu 18.04) when I am using the Cisco AnyConnect VPN client.
SSSD is not detecting the new DNS servers set up by the Cisco AnyConnect client
and keeps using the previous ones.
DNS is managed with systemd-resolved and the /etc/resolv.conf file is a symlink
to the /run/systemd/resolve/resolv.conf file (I am not using the internal DNS stub
resolver).
When the Cisco AnyConnect client connects to the VPN, the /etc/resolv.conf symlink is
renamed to /etc/resolv.conf.vpnbackup and a regular file /etc/resolv.conf is
created with the DNS servers to use while on the VPN.
When the Cisco AnyConnect client disconnects from the VPN, the
/etc/resolv.conf.vpnbackup is moved back to /etc/resolv.conf.
I have checked this with inotifywait (I only kept the interesting parts):

/etc/ MOVED_FROM resolv.conf
/etc/ MOVED_TO resolv.conf.vpnbackup
/etc/ CREATE resolv.conf
/etc/ OPEN resolv.conf
/etc/ ATTRIB resolv.conf
/etc/ MODIFY resolv.conf
/etc/ CLOSE_WRITE,CLOSE resolv.conf
...
/etc/ MOVED_FROM resolv.conf.vpnbackup
/etc/ MOVED_TO resolv.conf

I can work around this issue by changing the way SSSD detects DNS changes
(stop using inotify and poll the /etc/resolv.conf file every 5 seconds)
with the option try_inotify set to false, but I guess this can impact
performance (even though I don't think this should be a big impact).

The SSSD team told me that my issue is the same as this one:
https://github.com/SSSD/sssd/issues/1031
Newer SSSD versions have already been fixed.

Would it be possible to backport these patches:
- https://github.com/SSSD/sssd/commit/0c5711f9bae1cb46d4cd3fbe5d86d8688087be13
  to version 2.2.3 (Ubuntu 20.04)
- https://github.com/SSSD/sssd/commit/758b99590a8e1f69b4487fad9cf343525797e05f
  to version 1.16.1 (Ubuntu 18.04)

Thanks for your help :)

** Affects: sssd (Ubuntu)
     Importance: Undecided
         Status: New
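The rename / create / move-back sequence from the inotifywait log above, replayed in a scratch directory as an added example (not part of the bug report and not SSSD code). It records the (device, inode) behind the resolv.conf path at each step, which is exactly the check that tells an inotify-style watcher, bound to an inode rather than a path name, whether it is still looking at the file the path now names. The directory layout and nameserver addresses are constructed.

```python
import os
import tempfile

def snapshot(path):
    """Record what the resolv.conf path currently is: symlink or regular
    file, and which (device, inode) the data actually lives on."""
    return {
        "is_symlink": os.path.islink(path),
        "ino": (os.stat(path).st_dev, os.stat(path).st_ino),  # os.stat follows symlinks
    }

def resolver_file_replaced(before, after):
    """True when a watcher bound to the old inode (as inotify is) would no
    longer be observing the file that the resolv.conf path now names."""
    if before["ino"] == after["ino"]:
        return False, "same inode: only an in-place modify could have happened"
    if before["is_symlink"] != after["is_symlink"]:
        return True, "path switched between symlink and regular file"
    return True, "path now names a different inode"

def simulate_anyconnect(etc):
    """Replay the rename / create / move-back sequence from the inotifywait
    log in a scratch directory and classify each transition."""
    run_dir = os.path.join(etc, "run")
    os.makedirs(run_dir)
    real = os.path.join(run_dir, "resolv.conf")   # stands in for /run/systemd/resolve/resolv.conf
    with open(real, "w") as f:
        f.write("nameserver 192.0.2.53\n")         # constructed LAN resolver
    link = os.path.join(etc, "resolv.conf")        # stands in for /etc/resolv.conf
    os.symlink(real, link)
    before = snapshot(link)
    # VPN connect: MOVED_FROM/MOVED_TO of the symlink, then CREATE of a regular file
    os.rename(link, link + ".vpnbackup")
    with open(link, "w") as f:
        f.write("nameserver 198.51.100.53\n")      # constructed VPN resolver
    on_vpn = snapshot(link)
    # VPN disconnect: the backup symlink is moved back over the regular file
    os.rename(link + ".vpnbackup", link)
    after = snapshot(link)
    return (resolver_file_replaced(before, on_vpn),
            resolver_file_replaced(on_vpn, after),
            resolver_file_replaced(before, after))

def run_demo():
    """Run the replay in a fresh temporary directory; returns the three verdicts
    (connect, disconnect, net effect of connect followed by disconnect)."""
    return simulate_anyconnect(tempfile.mkdtemp(prefix="resolv-demo-"))
```

Both the connect and the disconnect step come out as "replaced", while the net effect lands back on the original inode, which is why a watch registered before the VPN session is stale for the whole session and why polling the path (try_inotify = false) sidesteps the problem.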

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1958391

Title:
  SSSD internal DNS resolver is broken when using Cisco Anyconnect VPN
  client

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1958391/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
